general Flashcards
State Machine
A device that can be in one of a set number of stable conditions depending on its previous condition and on the present values of its inputs.
Transaction singleton machine
A single instance of the machine for all transactions being created.
Turing completeness
Can have loops. Can be used to simulate some Turing-complete system.
For example, an imperative language is Turing complete if it has conditional branching (e.g., “if” and “goto” statements).
Delegatecall
Identical to a message call, except that the code is executed in the context of the calling contract (msg.sender and msg.value do not change).
Shouldn’t be used within a fallback function.
Reentrancy attack
DAO hack: keep withdrawing money before the balance is updated.
Solution: reduce the sender’s balance before making a transfer.
assert vs require vs revert
Assert() - assertive bully - steals your gas
Properly functioning code should never reach a failing assert statement; if this happens there is a bug in your contract which you should fix.
Require() - the polite one who calls out your errors / checks input - returns and refunds remaining gas.
- Validate user inputs, e.g. require(input<20);
- Validate the response from an external contract, e.g. require(external.send(amount));
Revert() - Handle the same type of situations as require(), but with more complex logic.
DoS
In computing, a denial-of-service attack (DoS attack) is a cyber-attack where the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.
King of the Ether attack
A require(currentLeader.send(highestBid)) statement tries to send funds to a contract that has a callback function that reverts.
Attack using selfdestruct
Target address of the selfdestruct does not execute its fallback function - the balance is simply updated.
Therefore, if a contract has a conditional statement that depends on the balance, that statement can be bypassed.
.send() vs .transfer() vs .call.value()
someAddress.send( ETH ): sends ether from the contract to someAddress, returning a boolean indicating success. Only allowed to use 2300 gas (enough to log an event only).
someAddress.transfer( ETH ): same as .send but also throws upon failure.
someAddress.call.value( ETH )(): can use unlimited gas, which allows for reentrancy attacks and more…
var vs let in JS
var is scoped to the nearest function block, and let is scoped to the nearest enclosing block.
Private, Public, Internal, External modifiers
In addition to public and private, Solidity has two more types of visibility for functions: internal and external.
internal is the same as private, except that it’s also accessible to contracts that inherit from this contract. (Hey, that sounds like what we want here!).
external is similar to public, except that these functions can ONLY be called outside the contract — they can’t be called by other functions inside that contract. We’ll talk about why you might want to use external vs public later.
two types of arrays
static vs dynamic
where are state variables stored?
blockchain
When is a getter method automatically generated?
for state variables that are explicitly made public.
e.g. Person[] public people;